Integrating Static and Dynamic Analysis to improve the Comprehension of Existing Web Applications

Lucca, G.A. Di; Penta, Massimiliano Di

doi:10.1109/wse.2005.8

Cited by 25 publications

(7 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It proposes forward engineering-based methods designed to simplify the process of building highly interactive web applications [18,19,20,21]. Other research uses reverse engineering methods to extract models from existing web applications in order to support their maintenance and evolution [22,23,24], However, few approaches recover security models from web applications, and in particular access control security models. In Alalfi et al [3] we survey the state of the art in these techniques.…”

Section: Related Workmentioning

confidence: 99%

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Alalfi

Cordy

Dean

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Security of dynamic web applications is a serious issue. While Model Driven Architecture (MDA) techniques can be used to generate applications with given access control security properties, analysis of existing web applications is more problematic. In this paper we present a model transformation technique to automatically construct a role-based access control (RBAC) security model of dynamic web applications from previously recovered structural and behavioral models. The SecureUML model generated by this technique can be used to check for security properties of the original application. We demonstrate our approach by constructing an RBAC security model of PhpBB, a popular internet bulletin board system.

show abstract

Section: Related Workmentioning

confidence: 99%

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Alalfi

Cordy

Dean

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In WANDA execution traces are not filtered, which leads to a huge amount of redundant information stored in its database, and consequently tends to yield cluttered diagrams that are difficult to comprehend. Di Lucca and Di Penta [9] propose an approach to filter the execution traces generated by WANDA by using the WARE tool [19] to identify groups of equivalent Built Client Pages (i.e., client pages dynamically built by server pages which share common features). A filtration of the execution traces collected by WANDA is then performed based on page clustering.…”

Section: Related Workmentioning

confidence: 99%

Automated Reverse Engineering of UML Sequence Diagrams for Dynamic Web Applications

Alalfi

Cordy

Dean

2009

2009 International Conference on Software Testing, Verification, and Validation Workshops

View full text Add to dashboard Cite

This paper presents an approach and tool to automatically instrument dynamic web applications using source transformation technology, and to reverse engineer a UML 2.1 sequence diagram from the execution traces generated by the resulting instrumentation. The result can be directly imported and visualized in a UML toolset such as Rational Software Architect. Our approach dynamically filters traces to reduce redundant information that may complicate program understanding. While our current implementation works on PHP-based applications, the framework is easily extended to other scripting languages in plug-andplay fashion. In addition to supporting web application understanding, our tool is being used to recover traces from dynamic web applications in support of web application security analysis and testing. We demonstrate our method on the analysis of the popular internet bulletin board system PhpBB 2.0.

show abstract

“…Even though presented in the same publication (Lucca and Penta, 2005), WARE and WANDA are web application reverse-engineering tools that were developped independently. The former adresses the static analysis of web applications.…”

Section: Ware and Wandamentioning

confidence: 99%

Overview of Web Content Adaptation

Lardon¹,

Ates²,

Gravier³

et al. 2008

Proceedings of the Tenth International Conference on Enterprise Information Systems

View full text Add to dashboard Cite

Abstract:Nowadays Internet contents can be reached from a vast set of different devices. We can cite mobile devices (mobile phones, PDAs, smartphones) and more recently TV sets through browser-embedding Set-Top Boxes (STB). The diverse characteristics that define these devices (input, output, processing power, available bandwidth, . . . ) force content providers to keep as many versions as the number of targeted devices. In this paper, we present the research projects that try to address the content adaptaption.

show abstract

Integrating Static and Dynamic Analysis to improve the Comprehension of Existing Web Applications

Abstract: Abstract

Cited by 25 publications

References 18 publications

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Recovering Role-Based Access Control Security Models from Dynamic Web Applications

Automated Reverse Engineering of UML Sequence Diagrams for Dynamic Web Applications

Overview of Web Content Adaptation

Contact Info

Product

Resources

About